Table of Contents
- Executive Summary
- Market Categories and Deployment Types
- Decision Criteria Comparison
- GigaOm Radar
- Solution Insights
- Analyst’s Outlook
- Methodology
- About Paul Stringfellow
- About GigaOm
- Copyright
1. Executive Summary
Phishing has long been and remains the leading method used by cybercriminals in attempts to breach organizations. Successful phishing attacks lead to the loss of data, services, and money—or worse, all three. That is why prudent, risk-aware IT security leaders must make it a high priority to combat phishing attempts.
This is a complex and sophisticated challenge, matched only by the complexity and sophistication of the attacks and the tools attackers are using to carry them out. The value of stolen credentials to an attacker is significant, as is the risk that breached credentials present to a business.
Phishing exploits focus on any platform where users communicate, so as businesses find new ways to share information, attackers are presented with an ever-widening attack surface. Just as enterprise communications are no longer conducted solely via email, neither is phishing. Today, phishing attempts are made across diverse channels, including chat, messaging, productivity, collaboration, conferencing, and social media—and these are only the electronic elements of attacks. We can also add to the list SMS messaging, voice, and video-based attacks. Often, attackers use a mix of these channels in a single attack. An attack chain may start with an email that leads to an instant message that leads to a phone call, all aimed at a single user.
As the world looks to the new opportunities presented by AI, so does the cybercriminal. Attackers are leveraging AI to study a target’s online habits, enabling them to more accurately craft a phishing attempt that is likely to catch the casual observer off guard. AI is also used to augment previously stolen information to create synthetic identities, which can then be used in further attacks or other cybercrimes. The increased awareness of AI and its increasing acceptance by enterprises presents an additional attack vector.
Phishing is an issue organizations of all sizes must address. It targets users with ever-more sophisticated attacks across a wide range of channels, in ways that are increasingly difficult to identify and stop. Therefore, it is essential to employ comprehensive phishing prevention tools that provide appropriate security to organizations. Finding the right solution to reduce this significant risk must be a priority because a phishing breach is likely to have serious consequences.
The market is well served by vendors offering protection across threat channels. Solutions are designed to integrate across channels and aggregate metrics to spot live risks and use intelligence to provide advance warning of potential threats. Vendors continue to build capabilities to cover the ever-changing threat landscape, using threat intelligence, analytics, and AI to effectively identify threats, stop attacks, and educate and protect users from sophisticated threats.
This is our fourth year evaluating the anti-phishing space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.
This GigaOm Radar report examines 13 of the top anti-phishing solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading anti-phishing offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.
GIGAOM KEY CRITERIA AND RADAR REPORTS
The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.